Protecting Web Services from Remote Exploit code: A Static Analysis Approach

Xinran Wang

Pennsylvania State University, University Park, PA 16802 USA

xinrwang@cse.psu.edu

Yoon-Chan Jhi

Pennsylvania State University, University Park, PA 16802 USA

jhi@cse.psu.edu

Sencun Zhu

Pennsylvania State University, University Park, PA 16802 USA

szhu@cse.psu.edu

Peng Liu

Pennsylvania State University, University Park, PA 16802 USA

pliu@ist.psu.edu

Abstract:

We propose STILL, a signature-free remote exploit binary code injection attack blocker to protect web servers and web applications. STILL is robust to almost all anti-signature, anti-static-analysis and anti-emulation obfuscation.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General - Security and protection.

General Terms: Security.

Keywords: HTTP, Code Injection Attack, Static Analysis.

Introduction
Related Work
Proposed Method
- Disassembly and Control Flow Graph Generation
- Detection of Self-modifying and Indirect Jump Obfuscation Code
Experimental Results
conclusion
Bibliography
About this document ...

xinran wang 2008-02-28